#18675 09/23/05 04:54 PM
Testing (OP), UGN Member
Joined: Sep 2005
Posts: 102
Ok, so I guess PHP 5 has register_variables set to off.

Do you think it would be best to learn PHP with the rules set the way they are now, or would it be best to turn register_variables on?

I am looking at it from the point of view of a beginner learning the language, not necessarily from a security position.

For now I have changed the .ini file and have them back on. However, I'm curious what your opinion is on the best way to learn.

#18676 09/23/05 05:10 PM
UGN Elite
Joined: Dec 2002
Posts: 3,255
Likes: 3
The developers at PHP.net suggest, for security, to get register globals OFF. However, every hoster and script I have seen has register globals set to on, or requires that they be on.

I guess the answer to your question is this: it is good practice to design with register globals off. But in the production world it seems the practice is to design as if they were on.

It is often harder to design with them off, as you need to be a bit more creative. I have them on on the server, but try to design as if they were off. Usually fail at this. :(
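An added example (not code from this thread) of what "design as if register globals were off" looks like in practice: the pitfall behind the PHP.net advice, and the explicit-superglobal style that behaves the same whichever way php.ini is set. The function names and the sample request values below are constructed for illustration.

```php
<?php
// Added example, not code from the thread. It shows the pitfall behind
// the PHP.net advice (register_globals=Off) and the explicit-superglobal
// style that behaves the same whichever way php.ini is set. Function
// names and the sample request values are constructed for illustration.

// With register_globals=On the engine did roughly this before your code:
//     extract($_GET); extract($_POST); extract($_COOKIE);
// so a request parameter named "authorized" became the variable $authorized.

// --- Pitfall: a variable that is only assigned on success ---------------
// $globals stands in for the script's global scope after that import.
// If the password check fails, $authorized is never assigned, and the
// client-supplied value is what the later check sees.
function legacy_login_check(array $globals, $password_ok)
{
    if ($password_ok) {
        $globals['authorized'] = true;
    }
    return !empty($globals['authorized']);
}

// --- Fix 1: initialise every variable before use ------------------------
// Works with the directive On or Off because nothing is inherited.
function safe_login_check($password_ok)
{
    $authorized = false;
    if ($password_ok) {
        $authorized = true;
    }
    return $authorized;
}

// --- Fix 2: read input only through an explicit lookup ------------------
// This is the register_globals=Off style: a request value reaches a
// variable only because you fetched it, gave it a default, and checked it
// against a whitelist pattern. Nothing else on the request is visible.
function request_param(array $source, $name, $default = '', $pattern = null)
{
    if (!isset($source[$name]) || !is_string($source[$name])) {
        return $default;
    }
    $value = $source[$name];
    if ($pattern !== null && !preg_match($pattern, $value)) {
        return $default;          // outside the whitelist: fall back
    }
    return $value;
}

// Usage in a real script (identical under either setting):
//     $page = request_param($_GET, 'page', '1', '/^[0-9]{1,4}$/');
//     $user = request_param($_POST, 'username', '', '/^[A-Za-z0-9_]{3,20}$/');

// Constructed request, runnable from the command line without a server:
$request = array('authorized' => '1', 'page' => '12', 'username' => 'bob smith');
var_dump(legacy_login_check($request, false));   // the pitfall case
var_dump(safe_login_check(false));
var_dump(request_param($request, 'page', '1', '/^[0-9]{1,4}$/'));
var_dump(request_param($request, 'username', '', '/^[A-Za-z0-9_]{3,20}$/'));
```

The "creativity" the reply mentions mostly comes down to the two habits above: never let a variable's first assignment depend on a branch, and pull every request value through one lookup that applies a default and a pattern. Code written this way runs unchanged on a host that leaves register_globals on.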

#18677 09/23/05 05:28 PM
Testing (OP), UGN Member
Joined: Sep 2005
Posts: 102
That's kind of what I was thinking. Learn with 'em on so I can learn this language without making it too friggin' difficult on myself. Then when designing, be security conscious.

Thanks for your input and info regarding hosts.

Since I'm self-hosting for now I get to choose! lol

#18678 09/23/05 06:13 PM
Community Owner
Joined: Feb 2002
Posts: 7,203
Likes: 11
I prefer designing for PHP 4; it ensures more compatibility if you choose to move or sell scripts.


Donate to UGN Security here.
UGN Security, Back of the Web, and VNC Web Services Owner
#18679 09/23/05 07:33 PM
UGN Elite
Joined: Dec 2002
Posts: 3,255
Likes: 3
True!!! If you are developing for sales, bleeding edge is bad. You want 2 or 3 versions back, I would say.

#18680 09/23/05 08:18 PM
Community Owner
Joined: Feb 2002
Posts: 7,203
Likes: 11
Quote:
Originally posted by §intå×:
True!!! If you are developing for sales, bleeding edge is bad. You want 2 or 3 versions back, I would say.
Word of advice; always program for sales ;) ...


#18681 09/23/05 08:48 PM
Community Owner
Joined: Feb 2002
Posts: 7,203
Likes: 11
Since little rusty over there decided to post some of his favorite functions, I went and built my own; as you can see, most of my favs deal with the file system vs. much else...

file_exists:
http://us2.php.net/manual/en/function.file-exists.php

file:
http://us2.php.net/manual/en/function.file.php

fopen/fclose:
http://us2.php.net/fopen
http://us2.php.net/manual/en/function.fclose.php

fsockopen:
http://us2.php.net/manual/en/function.fsockopen.php

other disk/file functions:
http://us2.php.net/manual/en/function.disk-free-space.php
http://us2.php.net/manual/en/function.disk-total-space.php
http://us2.php.net/manual/en/function.chmod.php
http://us2.php.net/manual/en/function.copy.php
http://us2.php.net/manual/en/function.delete.php
http://us2.php.net/manual/en/function.filesize.php
http://us2.php.net/manual/en/function.filetype.php
http://us2.php.net/manual/en/function.flock.php
http://us2.php.net/manual/en/function.is-writable.php
http://us2.php.net/manual/en/function.touch.php

As you can see, none of the "persistent" options are in my favorites; the reason is because persistent connections can be dirty and, if not used properly, can tear a server to its knees; working for a webhost for 3 years I've seen this with numerous scripts.


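An added example (not code from this thread) that puts the file-system functions listed in the post above to work together, with the checks that keep a shared host happy: test before writing, lock while writing, and close every handle rather than holding a persistent connection. The log path, hostname and helper names are constructed.

```php
<?php
// Added example, not from the thread: the file-system functions listed
// above used together, with the checks that keep a shared host happy:
// test before writing, lock while writing, and close every handle
// (no persistent connections). Paths and hostnames are constructed.

// Append one line to a log file. flock() serialises concurrent PHP
// requests so two of them cannot interleave partial lines.
function append_log_line($path, $line)
{
    if (file_exists($path) && !is_writable($path)) {
        return false;                      // exists but not ours to write
    }
    if (!file_exists($path) && !is_writable(dirname($path))) {
        return false;                      // cannot create it either
    }
    $fh = fopen($path, 'ab');              // append, binary-safe
    if ($fh === false) {
        return false;
    }
    $ok = false;
    if (flock($fh, LOCK_EX)) {             // exclusive lock for the write
        $ok = fwrite($fh, rtrim($line, "\r\n") . "\n") !== false;
        fflush($fh);
        flock($fh, LOCK_UN);
    }
    fclose($fh);                           // always release the handle
    return $ok;
}

// Read the log back as an array of lines (file() keeps the newlines
// unless FILE_IGNORE_NEW_LINES is given).
function read_log_lines($path)
{
    if (!file_exists($path)) {
        return array();
    }
    $lines = file($path, FILE_IGNORE_NEW_LINES);
    return $lines === false ? array() : $lines;
}

// One short HTTP exchange over a plain fsockopen(): set a connect timeout,
// bound the read, and fclose() as soon as the status line is in. This is
// the non-persistent form the post prefers; pfsockopen() would keep the
// socket alive across requests, which is the behaviour it warns about.
function http_head_status($host, $path = '/', $timeout = 5)
{
    $fp = fsockopen($host, 80, $errno, $errstr, $timeout);
    if ($fp === false) {
        return null;
    }
    stream_set_timeout($fp, $timeout);
    fwrite($fp, "HEAD $path HTTP/1.0\r\nHost: $host\r\nConnection: close\r\n\r\n");
    $status_line = fgets($fp, 256);
    fclose($fp);
    return $status_line === false ? null : trim($status_line);
}

// Constructed demo on a temporary file; no network call is made here.
$log = tempnam(sys_get_temp_dir(), 'ugn');
append_log_line($log, 'first entry');
append_log_line($log, 'second entry');
print_r(read_log_lines($log));
unlink($log);
// echo http_head_status('example.com'), "\n";   // needs network access
```

The pattern to take away is that every open has a matching close on every path out of the function, and the lock is held only for the duration of the write; a script that forgets either of those is the kind that a busy host notices.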
#18682 09/24/05 10:03 AM
Community Owner
Joined: Feb 2002
Posts: 7,203
Likes: 11
BTW, if you're going to go off playing with MySQL you should also look into:
http://us2.php.net/manual/en/function.str-replace.php
http://us2.php.net/manual/en/function.stripslashes.php
http://us2.php.net/manual/en/function.strip-tags.php

so you don't go and get yourself owned...


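An added example (not code from this thread) showing what the three functions linked above are actually for when user input heads into MySQL and back out into HTML. stripslashes() undoes magic_quotes_gpc, strip_tags() and htmlspecialchars() neutralise markup on output, and for the SQL side a mysqli prepared statement is swapped in for str_replace-style quoting so query text and data never mix. Function names, table and column names, and the sample input are constructed.

```php
<?php
// Added example, not code from the thread. It shows what the three
// functions linked above are for when user input heads for MySQL and
// back out into HTML: stripslashes() undoes magic_quotes_gpc,
// strip_tags()/htmlspecialchars() neutralise markup on output, and the SQL
// side uses a mysqli prepared statement (swapped in here for the
// str_replace approach) so the query text and the data never mix.
// Function names, table/column names and the sample input are constructed.

// 1. Normalise raw request input. Under PHP 5 with magic_quotes_gpc=On
//    every quote arrives pre-escaped as \' and must be undone exactly
//    once, or later escaping doubles it. The function is gone in PHP 8,
//    hence the function_exists() guard.
function raw_input($value)
{
    if (is_array($value)) {
        return array_map('raw_input', $value);
    }
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    return $value;
}

// 2. Output encoding. strip_tags() removes markup; htmlspecialchars()
//    makes whatever is left inert, including quotes inside attributes.
//    Apply it at the point of echoing, not before storing.
function html_text($value)
{
    return htmlspecialchars(strip_tags($value), ENT_QUOTES, 'UTF-8');
}

// 3. Database. Hand-rolled quoting with str_replace is easy to get wrong
//    (backslashes, multi-byte charsets). A prepared statement sends the
//    query and the parameter separately, so a quote in the username is
//    just a quote. bind_result() is used rather than get_result() so the
//    code does not depend on the mysqlnd driver.
function find_user(mysqli $db, $username)
{
    $stmt = $db->prepare('SELECT id, username FROM users WHERE username = ?');
    if ($stmt === false) {
        return null;
    }
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($id, $name);
    $row = $stmt->fetch() ? array('id' => $id, 'username' => $name) : null;
    $stmt->close();
    return $row;
}

// Constructed form submission; runnable from the command line.
$_POST = array('username' => "o'brien <b>hi</b>");
$username = raw_input($_POST['username']);
echo html_text($username), "\n";       // safe to place inside an HTML page

// With a live server (credentials are placeholders):
//     $db  = new mysqli('localhost', 'DB_USER', 'DB_PASS', 'DB_NAME');
//     $row = find_user($db, $username);
```

Keep the three steps separate: normalise on the way in, parameterise at the database, encode on the way out. Applying strip_tags() before storing loses data the user typed, and applying stripslashes() twice or escaping for SQL with a string replace are the usual ways the "don't get owned" advice goes wrong.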
#18683 09/24/05 07:02 PM
Testing (OP), UGN Member
Joined: Sep 2005
Posts: 102
Thanks Gizmo!

I will be developing for sales. However, first I have plenty of developing for practice, mistakes, and learning to not "get owned"! Again, thanks for the links, as I can guarantee I will be previewing all of them.

Fortunately I have taken a database design class using Oracle. So when it comes to the database I will be OK with normalization (about the only real info I remember from the class). LOL


I figure over the next week or so I will just be doing the examples from the books I'm reading (PHP and MySQL for Dynamic Web Sites, written by Larry Ullman, and Learning PHP 5, written by David Sklar, an O'Reilly book).

I wonder how it's going to be learning PHP from 2 books that cover different versions. lol
Might be a tad quirky sometimes, but whatever, I'll get through it.

Thanks again everyone.

#18684 09/24/05 07:41 PM
Community Owner
Joined: Feb 2002
Posts: 7,203
Likes: 11
Well, if you're going to, eventually, design for sales, you should look into MySQL as your DB of choice, as it's going to be what 99% of your users would use ;) ...

See PM btw...


#18685 09/28/05 08:00 AM
UGN Elite
Joined: Dec 2002
Posts: 3,255
Likes: 3
If you are going into MySQL, get very used to reading the manual on their site.
http://dev.mysql.com/doc/mysql/en/tutorial.html


Also see their forums
http://forums.mysql.com/

For their PHP forum
http://forums.mysql.com/list.php?52


Most MySQL stuff you can just see the info on PHP.net and run with it. Some tricky stuff you will need to look at their manual and play with the PHP code to get it to work.


PHP.net MySQL functions
http://us2.php.net/manual/en/ref.mysql.php


Powered by UBB.threads™ PHP Forum Software 7.7.5